What distinguishes an Access Control List (ACL) from a capability table?

The correct answer is that Access Control Lists (ACLs) are object-focused. This means that ACLs are designed to specify which users or groups have access rights to a particular resource or object. Each object, such as a file or directory, has its own ACL that lists the permissions associated with various users or user groups.

When examining the distinction, it's important to understand that an ACL directly relates permissions to an object, allowing administrators to manage access by specifying who can or cannot access that object. This object-centric approach contrasts with capability tables, which assign permissions to users and can indicate what actions those users can perform on various objects. While capability tables focus on user capabilities and their permissions regarding multiple objects, ACLs focus on individual objects and detail which users can interact with them.

This object-oriented approach in ACLs allows for clear delineation of access rights per resource, making it a widely adopted method in security models.